Gadgets

﻿

BlueBorne Bluetooth Attack Puts 5 Billion Devices at Risk

Do you have a device with Bluetooth capabilities? We have some potentially bad news.

Researchers at security firm Armis are warning users about a new attack vector leveraging Bluetooth that affects almost 5.3 billion devices across iOS, Android, Windows, and Linux. The BlueBorne technique, which spreads through the air, could allow an attacker to take complete control of affected devices, access corporate data and networks, penetrate even "secure" networks, and spread malware.

Worse yet, "the attack does not require the targeted device to be paired to the attacker's device, or even to be set on discoverable mode," the company wrote in a blog post. In fact, this attack requires no user interaction at all.

If a user simply has Bluetooth enabled, a hacker would be able connect to their device and spread malware—all without the user's knowledge. Armis explained that because it propagates through the air, BlueBorne is "much more dangerous" than the majority of attacks today, which rely on the internet. This unusual attack method also allows hackers to bypass current security defenses since they don't protect against "airborne threats" of this kind.

[embedded content]

"BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices," Armis said.

Armis has uncovered eight associated zero-day vulnerabilities, four of which are classified as "critical." The company has reported these flaws to affected companies — including Google, Microsoft, Apple, Samsung, and Linux — and is working with them to get patches deployed.

Apple mitigated the flaw in iOS 10, but all iPhones, iPads, and iPod touch devices with iOS 9.3.5 or lower, and Apple TV devices with version 7.2.2 or lower are at risk. Google, meanwhile, has issued a security update for Android version 7.0 Nougat and 6.0 Marshmallow and notified its partners about it. This threat, however, affects "all Android phones, tablets, and wearables (except those using only Bluetooth Low Energy) of all versions," Armis said.

Microsoft on Tuesday issued security patches to protect supported versions of Windows against this threat. The Linux team is also working to issue patches.

If you're worried, Armis recommends disabling Blutooth and using it as little as possible.